Lucene search
K

11 matches found

GithubExploit
GithubExploit
added 2026/06/05 9:21 a.m.77 views

Drift-Protocol-Exploit-2026

Case Study: Drift Protocol $285M Logic Exploit April 2026 A...

6AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.10 views

setFullWeightDuration() can be called while a member election is ongoing

Lines of code Vulnerability details Bug Description In SecurityCouncilMemberElectionGovernorCountingUpgradeable, fullWeightDuration which is the duration where a user's votes has weight 1 can be set using setFullWeightDuration: SecurityCouncilMemberElectionGovernorCountingUpgradeable.solL77-L84...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.11 views

_scheduleUpdate() should be called during initialize ing the SecurityCouncilManager

Lines of code Vulnerability details Impact Updates will not be scheduled through timelocks and target upgrade executors by the scheduleUpdate call. Initial set of cohort members will not be scheduled. Proof of Concept In SecurityCouncilManager whenever a new member is added, or removed or swapped...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.9 views

if _rescueFunds was called with the address of a mToken, the admin would currently be able to sweep those tokens,

Lines of code Vulnerability details Impact It allows the admin to steal deposited funds from users It removes mTokens used as collateral to back borrows Proof of Concept Assume there is a mToken at address 0x123 that has issued some tokens. The admin calls rescueFunds0x123, uint.max. This will...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/16 12:0 a.m.15 views

Upgraded Q -> 2 from #16 [1686928129422]

Judge has assessed an item in Issue 16 as 2 risk. The relevant finding follows: L-3 onlyOwner single point of failure Impact The onlyOwner role has a single point of failure and onlyOwner can use critical a few functions. Even if protocol admins/developers are not malicious there is still a chanc...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.16 views

Centralization risk for trusted owners

Lines of code Vulnerability details Description: Contracts have owners that have privileged rights to perform admin tasks. These owners need to be trusted to not perform malicious updates or drain funds. Having a single Externally Owned Account EOA as the sole owner represents a significant...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/08 12:0 a.m.14 views

Unable to claim vesting due to unbounded timelock loop

Handle nathaniel Vulnerability details Impact The timelocks for any beneficiary are unbounded, and can be vested by someone who is not the beneficiary. When the array becomes significantly big enough, the vestments will no longer be claimable for the beneficiary. The vest function in Vesting.sol...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.7 views

Missing events/timelocks for owner/admin only functions that change critical parameters

Handle defsec Vulnerability details Impact Owner/admin only functions that change critical parameters should emit events and have timelocks. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate them...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2021/09/29 12:0 a.m.13 views

Missing timelock for critical contract setters of privileged roles

Handle 0xRajeev Vulnerability details Impact Setter functions for critical protocol parameters accessible only by privileged roles e.g. onlyOwner should consider adding timelocks so that users and other privileged roles in the case of a multiSig can detect upcoming changes and have the time to...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/09/22 12:0 a.m.10 views

Trying to use timestamps with blocknumbers

Handle goatbug Vulnerability details Impact requirebondTimestamp + ONEDAY block.number; There are require statements comparing timestamps to blocknumbers. We cannot assume one block per second, this code would not work on different chains where block times radically differ. The effect is having...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/08/11 12:0 a.m.12 views

Missing events/timelocks for owner/admin only functions that change critical parameters

Handle 0xRajeev Vulnerability details Impact Owner/admin only functions that change critical parameters should emit events and have timelocks. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate the...

7AI score
Exploits0
Rows per page
Query Builder